1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "inner_account_iam_manager.h"
17
18 #include <thread>
19 #include "account_iam_callback.h"
20 #include "account_log_wrapper.h"
21 #include "domain_account_callback_service.h"
22 #include "account_hisysevent_adapter.h"
23 #include "iinner_os_account_manager.h"
24 #include "inner_domain_account_manager.h"
25 #include "iservice_registry.h"
26 #include "system_ability_definition.h"
27 #include "user_auth_client.h"
28 #include "user_auth_client_impl.h"
29 #include "user_idm_client.h"
30 #ifdef HAS_PIN_AUTH_PART
31 #include "access_token.h"
32 #include "ipc_skeleton.h"
33 #include "pinauth_register.h"
34 #include "token_setproc.h"
35 #endif //HAS_PIN_AUTH_PART
36 #include "os_account_constants.h"
37 #include "account_file_operator.h"
38
39 namespace OHOS {
40 namespace AccountSA {
41 namespace {
42 #ifdef HAS_STORAGE_PART
43 constexpr int32_t ERROR_STORAGE_KEY_NOT_EXIST = -2;
44 #endif
45 constexpr int32_t DELAY_FOR_EXCEPTION = 100;
46 constexpr int32_t MAX_RETRY_TIMES = 20;
47 const int32_t TIME_WAIT_TIME_OUT = 5;
48 }
49 using UserIDMClient = UserIam::UserAuth::UserIdmClient;
50 using UserAuthClient = UserIam::UserAuth::UserAuthClient;
51 using UserAuthClientImpl = UserIam::UserAuth::UserAuthClientImpl;
52
InnerAccountIAMManager()53 InnerAccountIAMManager::InnerAccountIAMManager()
54 {
55 userStateMap_[0] = IDLE;
56 }
57
GetInstance()58 InnerAccountIAMManager &InnerAccountIAMManager::GetInstance()
59 {
60 static InnerAccountIAMManager *instance = new (std::nothrow) InnerAccountIAMManager();
61 return *instance;
62 }
63
OpenSession(int32_t userId,std::vector<uint8_t> & challenge)64 void InnerAccountIAMManager::OpenSession(int32_t userId, std::vector<uint8_t> &challenge)
65 {
66 challenge = UserIDMClient::GetInstance().OpenSession(userId);
67 std::lock_guard<std::mutex> lock(mutex_);
68 userStateMap_[userId] = AFTER_OPEN_SESSION;
69 }
70
CloseSession(int32_t userId)71 void InnerAccountIAMManager::CloseSession(int32_t userId)
72 {
73 UserIDMClient::GetInstance().CloseSession(userId);
74 std::lock_guard<std::mutex> lock(mutex_);
75 if (userId == 0) {
76 userStateMap_[0] = IDLE;
77 } else {
78 userStateMap_.erase(userId);
79 }
80 }
81
AddCredential(int32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)82 void InnerAccountIAMManager::AddCredential(
83 int32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
84 {
85 if (callback == nullptr) {
86 ACCOUNT_LOGE("callback is nullptr");
87 return;
88 }
89
90 sptr<IDMCallbackDeathRecipient> deathRecipient = new (std::nothrow) IDMCallbackDeathRecipient(userId);
91 if ((deathRecipient == nullptr) || (callback->AsObject() == nullptr) ||
92 (!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
93 ACCOUNT_LOGE("Failed to add death recipient for AddCred");
94 return;
95 }
96 auto idmCallbackWrapper = std::make_shared<AddCredCallback>(userId, credInfo, callback);
97 idmCallbackWrapper->SetDeathRecipient(deathRecipient);
98 if (credInfo.authType == AuthType::PIN) {
99 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId) +
100 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
101 auto accountFileOperator = std::make_shared<AccountFileOperator>();
102 ErrCode code = accountFileOperator->InputFileByPathAndContent(path, "");
103 if (code != ERR_OK) {
104 ReportOsAccountOperationFail(userId, "addCredential", code, "Failed to write add_secret_flag file");
105 ACCOUNT_LOGE("Input file fail, path=%{public}s", path.c_str());
106 }
107 }
108 UserIDMClient::GetInstance().AddCredential(userId, credInfo, idmCallbackWrapper);
109 }
110
UpdateCredential(int32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)111 void InnerAccountIAMManager::UpdateCredential(
112 int32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
113 {
114 if (callback == nullptr) {
115 ACCOUNT_LOGE("callback is nullptr");
116 return;
117 }
118 Attributes emptyResult;
119 if (credInfo.token.empty()) {
120 ACCOUNT_LOGE("token is empty");
121 callback->OnResult(ResultCode::INVALID_PARAMETERS, emptyResult);
122 return;
123 }
124
125 sptr<IDMCallbackDeathRecipient> deathRecipient = new (std::nothrow) IDMCallbackDeathRecipient(userId);
126 if ((deathRecipient == nullptr) || (callback->AsObject() == nullptr) ||
127 (!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
128 ACCOUNT_LOGE("Failed to add death recipient for UpdateCred");
129 return;
130 }
131
132 auto idmCallbackWrapper = std::make_shared<UpdateCredCallback>(userId, credInfo, callback);
133 idmCallbackWrapper->SetDeathRecipient(deathRecipient);
134 UserIDMClient::GetInstance().UpdateCredential(userId, credInfo, idmCallbackWrapper);
135 }
136
DelCred(int32_t userId,uint64_t credentialId,const std::vector<uint8_t> & authToken,const sptr<IIDMCallback> & callback)137 void InnerAccountIAMManager::DelCred(
138 int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken, const sptr<IIDMCallback> &callback)
139 {
140 if (callback == nullptr) {
141 ACCOUNT_LOGE("callback is nullptr");
142 return;
143 }
144 Attributes emptyResult;
145 if (authToken.empty()) {
146 ACCOUNT_LOGD("token is empty");
147 callback->OnResult(ResultCode::INVALID_PARAMETERS, emptyResult);
148 return;
149 }
150 uint64_t pinCredentialId = 0;
151 (void)IInnerOsAccountManager::GetInstance().GetOsAccountCredentialId(userId, pinCredentialId);
152 bool isPIN = (pinCredentialId != 0) && (credentialId == pinCredentialId);
153
154 auto idmCallback = std::make_shared<DelCredCallback>(userId, isPIN, authToken, callback);
155 UserIDMClient::GetInstance().DeleteCredential(userId, credentialId, authToken, idmCallback);
156 }
157
158 #ifdef HAS_PIN_AUTH_PART
OnDelUserDone(int32_t userId)159 void InnerAccountIAMManager::OnDelUserDone(int32_t userId)
160 {
161 ACCOUNT_LOGI("Delete user credential successfully, userId: %{public}d", userId);
162 std::lock_guard<std::mutex> lock(delUserInputerMutex_);
163 delUserInputerVec_.pop_back();
164 if (delUserInputerVec_.empty()) {
165 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
166 SetFirstCallerTokenID(selfToken);
167 UserIam::PinAuth::PinAuthRegister::GetInstance().UnRegisterInputer();
168 ACCOUNT_LOGI("Unregister inputer.");
169 }
170 }
171 #endif // HAS_PIN_AUTH_PART
172
DelUser(int32_t userId,const std::vector<uint8_t> & authToken,const sptr<IIDMCallback> & callback)173 void InnerAccountIAMManager::DelUser(
174 int32_t userId, const std::vector<uint8_t> &authToken, const sptr<IIDMCallback> &callback)
175 {
176 if (callback == nullptr) {
177 ACCOUNT_LOGE("callback is nullptr");
178 return;
179 }
180 Attributes errResult;
181 if (authToken.empty()) {
182 ACCOUNT_LOGE("token is empty");
183 callback->OnResult(ResultCode::FAIL, errResult);
184 return;
185 }
186 #ifdef HAS_PIN_AUTH_PART
187 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
188 ErrCode errCode = SetFirstCallerTokenID(selfToken);
189 if (errCode != ERR_OK) {
190 ACCOUNT_LOGE("Failed to set first caller token id, errCode: %{public}d", errCode);
191 return callback->OnResult(errCode, errResult);
192 }
193 {
194 std::lock_guard<std::mutex> lock(delUserInputerMutex_);
195 if (delUserInputerVec_.empty()) {
196 auto inputer = std::make_shared<DelUserInputer>();
197 if (!UserIam::PinAuth::PinAuthRegister::GetInstance().RegisterInputer(inputer)) {
198 ACCOUNT_LOGE("Failed to resgiter inputer, continue");
199 }
200 delUserInputerVec_.emplace_back(inputer);
201 } else {
202 delUserInputerVec_.emplace_back(delUserInputerVec_[0]);
203 }
204 }
205 CredentialParameters credInfo;
206 credInfo.authType = AuthType::PIN;
207 credInfo.pinType = PinSubType::PIN_SIX;
208 credInfo.token = authToken;
209 auto delUserCallback = std::make_shared<DelUserCallback>(userId, callback);
210 UserIDMClient::GetInstance().UpdateCredential(userId, credInfo, delUserCallback);
211 #else
212
213 auto idmCallback = std::make_shared<DelCredCallback>(userId, true, authToken, callback);
214 UserIDMClient::GetInstance().DeleteUser(userId, authToken, idmCallback);
215 #endif
216 }
217
GetCredentialInfo(int32_t userId,AuthType authType,const sptr<IGetCredInfoCallback> & callback)218 void InnerAccountIAMManager::GetCredentialInfo(
219 int32_t userId, AuthType authType, const sptr<IGetCredInfoCallback> &callback)
220 {
221 if (static_cast<int32_t>(authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
222 std::vector<CredentialInfo> infoList;
223 if (CheckDomainAuthAvailable(userId)) {
224 CredentialInfo info;
225 info.authType = static_cast<AuthType>(IAMAuthType::DOMAIN);
226 info.pinType = static_cast<PinSubType>(IAMAuthSubType::DOMAIN_MIXED);
227 infoList.emplace_back(info);
228 }
229 return callback->OnCredentialInfo(infoList);
230 }
231 auto getCallback = std::make_shared<GetCredInfoCallbackWrapper>(userId, static_cast<int32_t>(authType), callback);
232 UserIDMClient::GetInstance().GetCredentialInfo(userId, authType, getCallback);
233 }
234
Cancel(int32_t userId)235 int32_t InnerAccountIAMManager::Cancel(int32_t userId)
236 {
237 std::lock_guard<std::mutex> lock(mutex_);
238 auto it = userStateMap_.find(userId);
239 if ((it == userStateMap_.end()) || (it->second >= AFTER_ADD_CRED)) {
240 return ResultCode::GENERAL_ERROR;
241 }
242 return UserIDMClient::GetInstance().Cancel(userId);
243 }
244
PrepareRemoteAuth(const std::string & remoteNetworkId,const sptr<IPreRemoteAuthCallback> & callback)245 int32_t InnerAccountIAMManager::PrepareRemoteAuth(
246 const std::string &remoteNetworkId, const sptr<IPreRemoteAuthCallback> &callback)
247 {
248 if (callback == nullptr) {
249 ACCOUNT_LOGE("callback is nullptr");
250 return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
251 }
252 ACCOUNT_LOGI("Start IAM PrepareRemoteAuth.");
253 auto prepareCallback = std::make_shared<PrepareRemoteAuthCallbackWrapper>(callback);
254 return UserAuthClient::GetInstance().PrepareRemoteAuth(remoteNetworkId, prepareCallback);
255 }
256
CopyAuthParam(const AuthParam & authParam,UserIam::UserAuth::AuthParam & iamAuthParam)257 void InnerAccountIAMManager::CopyAuthParam(const AuthParam &authParam, UserIam::UserAuth::AuthParam &iamAuthParam)
258 {
259 iamAuthParam.userId = authParam.userId;
260 iamAuthParam.challenge = authParam.challenge;
261 iamAuthParam.authType = authParam.authType;
262 iamAuthParam.authTrustLevel = authParam.authTrustLevel;
263 iamAuthParam.authIntent = static_cast<UserIam::UserAuth::AuthIntent>(authParam.authIntent);
264 if (authParam.remoteAuthParam != std::nullopt) {
265 iamAuthParam.remoteAuthParam = UserIam::UserAuth::RemoteAuthParam();
266 if (authParam.remoteAuthParam.value().verifierNetworkId != std::nullopt) {
267 iamAuthParam.remoteAuthParam.value().verifierNetworkId =
268 authParam.remoteAuthParam.value().verifierNetworkId.value();
269 }
270 if (authParam.remoteAuthParam.value().collectorNetworkId != std::nullopt) {
271 iamAuthParam.remoteAuthParam.value().collectorNetworkId =
272 authParam.remoteAuthParam.value().collectorNetworkId.value();
273 }
274 if (authParam.remoteAuthParam.value().collectorTokenId != std::nullopt) {
275 iamAuthParam.remoteAuthParam.value().collectorTokenId =
276 authParam.remoteAuthParam.value().collectorTokenId.value();
277 }
278 }
279 }
280
AuthUser(AuthParam & authParam,const sptr<IIDMCallback> & callback,uint64_t & contextId)281 int32_t InnerAccountIAMManager::AuthUser(
282 AuthParam &authParam, const sptr<IIDMCallback> &callback, uint64_t &contextId)
283 {
284 if (callback == nullptr) {
285 ACCOUNT_LOGE("callback is nullptr");
286 return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
287 }
288 OsAccountInfo osAccountInfo;
289 if ((authParam.remoteAuthParam == std::nullopt) &&
290 (IInnerOsAccountManager::GetInstance().QueryOsAccountById(authParam.userId, osAccountInfo)) != ERR_OK) {
291 ACCOUNT_LOGE("Account does not exist");
292 return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
293 }
294 sptr<AuthCallbackDeathRecipient> deathRecipient = new (std::nothrow) AuthCallbackDeathRecipient();
295 if ((deathRecipient == nullptr) || (!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
296 ACCOUNT_LOGE("failed to add death recipient for auth callback");
297 return ERR_ACCOUNT_COMMON_ADD_DEATH_RECIPIENT;
298 }
299
300 auto callbackWrapper = std::make_shared<AuthCallback>(authParam.userId,
301 osAccountInfo.GetCredentialId(), authParam.authType, (authParam.remoteAuthParam != std::nullopt), callback);
302 callbackWrapper->SetDeathRecipient(deathRecipient);
303
304 UserIam::UserAuth::AuthParam iamAuthParam;
305 CopyAuthParam(authParam, iamAuthParam);
306 ACCOUNT_LOGI("Start IAM AuthUser.");
307 contextId = UserAuthClient::GetInstance().BeginAuthentication(iamAuthParam, callbackWrapper);
308 deathRecipient->SetContextId(contextId);
309 return ERR_OK;
310 }
311
CancelAuth(uint64_t contextId)312 int32_t InnerAccountIAMManager::CancelAuth(uint64_t contextId)
313 {
314 return UserAuthClient::GetInstance().CancelAuthentication(contextId);
315 }
316
GetAvailableStatus(AuthType authType,AuthTrustLevel authTrustLevel,int32_t & status)317 int32_t InnerAccountIAMManager::GetAvailableStatus(
318 AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status)
319 {
320 if (static_cast<int32_t>(authType) != static_cast<int32_t>(IAMAuthType::DOMAIN)) {
321 status = UserAuthClientImpl::Instance().GetAvailableStatus(authType, authTrustLevel);
322 return ERR_OK;
323 }
324 bool isPluginAvailable = InnerDomainAccountManager::GetInstance().IsPluginAvailable();
325 if (isPluginAvailable) {
326 status = ERR_JS_SUCCESS;
327 } else {
328 status = ERR_JS_AUTH_TYPE_NOT_SUPPORTED;
329 }
330 return ERR_OK;
331 }
332
GetDomainAuthStatusInfo(int32_t userId,const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)333 ErrCode InnerAccountIAMManager::GetDomainAuthStatusInfo(
334 int32_t userId, const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
335 {
336 OsAccountInfo osAccountInfo;
337 ErrCode result = IInnerOsAccountManager::GetInstance().QueryOsAccountById(userId, osAccountInfo);
338 if (result != ERR_OK) {
339 ACCOUNT_LOGE("failed to get account info");
340 return result;
341 }
342 DomainAccountInfo domainAccountInfo;
343 osAccountInfo.GetDomainInfo(domainAccountInfo);
344 if (domainAccountInfo.accountName_.empty()) {
345 ACCOUNT_LOGE("the target user is not a domain account");
346 return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE;
347 }
348 std::shared_ptr<DomainAccountCallback> statusCallback =
349 std::make_shared<GetDomainAuthStatusInfoCallback>(request, callback);
350 if (statusCallback == nullptr) {
351 ACCOUNT_LOGE("failed to create GetDomainAuthStatusInfoCallback");
352 return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
353 }
354 return InnerDomainAccountManager::GetInstance().GetAuthStatusInfo(domainAccountInfo, statusCallback);
355 }
356
CheckDomainAuthAvailable(int32_t userId)357 bool InnerAccountIAMManager::CheckDomainAuthAvailable(int32_t userId)
358 {
359 OsAccountInfo osAccountInfo;
360 if (IInnerOsAccountManager::GetInstance().QueryOsAccountById(userId, osAccountInfo) != ERR_OK) {
361 ACCOUNT_LOGE("failed to get account info");
362 return false;
363 }
364 DomainAccountInfo domainAccountInfo;
365 osAccountInfo.GetDomainInfo(domainAccountInfo);
366 bool isAvailable = InnerDomainAccountManager::GetInstance().IsPluginAvailable();
367 return !domainAccountInfo.accountName_.empty() && isAvailable;
368 }
369
GetProperty(int32_t userId,const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)370 void InnerAccountIAMManager::GetProperty(
371 int32_t userId, const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
372 {
373 if (callback == nullptr) {
374 ACCOUNT_LOGE("callback is nullptr");
375 return;
376 }
377 if (static_cast<int32_t>(request.authType) != static_cast<int32_t>(IAMAuthType::DOMAIN)) {
378 auto getCallback = std::make_shared<GetPropCallbackWrapper>(userId, callback);
379 UserAuthClient::GetInstance().GetProperty(userId, request, getCallback);
380 return;
381 }
382 ErrCode result = GetDomainAuthStatusInfo(userId, request, callback);
383 if (result != ERR_OK) {
384 Attributes attributes;
385 callback->OnResult(result, attributes);
386 }
387 }
388
SetProperty(int32_t userId,const SetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)389 void InnerAccountIAMManager::SetProperty(
390 int32_t userId, const SetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
391 {
392 if (static_cast<int32_t>(request.authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
393 Attributes result;
394 callback->OnResult(ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE, result);
395 return;
396 }
397 auto setCallback = std::make_shared<SetPropCallbackWrapper>(userId, callback);
398 UserAuthClient::GetInstance().SetProperty(userId, request, setCallback);
399 }
400
GetEnrolledId(int32_t accountId,AuthType authType,const sptr<IGetEnrolledIdCallback> & callback)401 void InnerAccountIAMManager::GetEnrolledId(
402 int32_t accountId, AuthType authType, const sptr<IGetEnrolledIdCallback> &callback)
403 {
404 if (static_cast<int32_t>(authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
405 ACCOUNT_LOGE("Unsupported auth type");
406 uint64_t emptyId = 0;
407 callback->OnEnrolledId(ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE, emptyId);
408 return;
409 }
410 auto GetSecUserInfoCallback = std::make_shared<GetSecUserInfoCallbackWrapper>(authType, callback);
411 UserIDMClient::GetInstance().GetSecUserInfo(accountId, GetSecUserInfoCallback);
412 }
413
HandleFileKeyException(int32_t userId,const std::vector<uint8_t> & secret,const std::vector<uint8_t> & token)414 void InnerAccountIAMManager::HandleFileKeyException(int32_t userId, const std::vector<uint8_t> &secret,
415 const std::vector<uint8_t> &token)
416 {
417 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId) +
418 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
419 auto accountFileOperator = std::make_shared<AccountFileOperator>();
420 bool isExistFile = accountFileOperator->IsExistFile(path);
421 ACCOUNT_LOGI("The add_secret_flag file existence status:%{public}d, localId:%{public}d", isExistFile, userId);
422 if (!isExistFile) {
423 return;
424 }
425 auto callback = std::make_shared<GetSecureUidCallback>(userId);
426 std::unique_lock<std::mutex> lck(callback->secureMtx_);
427 ErrCode code = UserIDMClient::GetInstance().GetSecUserInfo(userId, callback);
428 if (code != ERR_OK) {
429 ACCOUNT_LOGE("Failed to get secure uid, userId: %{public}d", userId);
430 ReportOsAccountOperationFail(userId, "addCredential", code,
431 "Failed to get secure uid when restoring key context");
432 return;
433 }
434 auto status = callback->secureCv_.wait_for(lck, std::chrono::seconds(TIME_WAIT_TIME_OUT));
435 if (status != std::cv_status::no_timeout) {
436 ACCOUNT_LOGE("GetSecureUidCallback time out");
437 ReportOsAccountOperationFail(userId, "addCredential", -1, "Get secure uid timeout when restoring key context");
438 return;
439 }
440 code = UpdateStorageUserAuth(userId, callback->secureUid_, token, {}, secret);
441 if (code != ERR_OK) {
442 ACCOUNT_LOGE("Restore user auth fail, userId: %{public}d", userId);
443 ReportOsAccountOperationFail(userId, "addCredential", code, "Failed to restore user auth");
444 return;
445 }
446 code = UpdateStorageKeyContext(userId);
447 if (code != ERR_OK) {
448 ACCOUNT_LOGE("Restore key context fail, userId:%{public}d", userId);
449 ReportOsAccountOperationFail(userId, "addCredential", code, "Failed to restore key context");
450 return;
451 }
452 ACCOUNT_LOGI("Restore key context successfully, userId:%{public}d", userId);
453 code = accountFileOperator->DeleteDirOrFile(path);
454 if (code != ERR_OK) {
455 ReportOsAccountOperationFail(userId, "addCredential", code,
456 "Failed to delete add_secret_flag file after restoring key context");
457 ACCOUNT_LOGE("Delete file fail, path=%{public}s", path.c_str());
458 }
459 }
460
GetState(int32_t userId)461 IAMState InnerAccountIAMManager::GetState(int32_t userId)
462 {
463 std::lock_guard<std::mutex> lock(mutex_);
464 auto it = userStateMap_.find(userId);
465 if (it != userStateMap_.end()) {
466 return it->second;
467 }
468 return userStateMap_[0];
469 }
470
SetState(int32_t userId,IAMState state)471 void InnerAccountIAMManager::SetState(int32_t userId, IAMState state)
472 {
473 std::lock_guard<std::mutex> lock(mutex_);
474 userStateMap_[userId] = state;
475 }
476
UpdateStorageKey(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)477 ErrCode InnerAccountIAMManager::UpdateStorageKey(
478 int32_t userId, uint64_t secureUid, const std::vector<uint8_t> &token,
479 const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
480 {
481 int times = 0;
482 ErrCode errCode = ERR_OK;
483 while (times < MAX_RETRY_TIMES) {
484 errCode = InnerUpdateStorageKey(userId, secureUid, token, oldSecret, newSecret);
485 if ((errCode != Constants::E_IPC_ERROR) && (errCode != Constants::E_IPC_SA_DIED)) {
486 return errCode;
487 }
488 ACCOUNT_LOGE("errCode=%{public}d, userId=%{public}d, times=%{public}d", errCode, userId, times);
489 times++;
490 std::this_thread::sleep_for(std::chrono::milliseconds(DELAY_FOR_EXCEPTION));
491 }
492 return errCode;
493 }
494
InnerUpdateStorageKey(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)495 ErrCode InnerAccountIAMManager::InnerUpdateStorageKey(
496 int32_t userId, uint64_t secureUid, const std::vector<uint8_t> &token,
497 const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
498 {
499 #ifdef HAS_STORAGE_PART
500 auto storageMgrProxy = GetStorageManagerProxy();
501 if (storageMgrProxy == nullptr) {
502 ACCOUNT_LOGE("fail to get storage proxy");
503 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
504 }
505 ErrCode result = storageMgrProxy->UpdateUserAuth(userId, secureUid, token, oldSecret, newSecret);
506 if ((result != ERR_OK) && (result != ERROR_STORAGE_KEY_NOT_EXIST)) {
507 ACCOUNT_LOGE("fail to update user auth");
508 return result;
509 }
510
511 result = storageMgrProxy->UpdateKeyContext(userId);
512 if (result != ERR_OK) {
513 ACCOUNT_LOGE("Fail to update key context, userId=%{public}d, result=%{public}d", userId, result);
514 }
515 return result;
516 #else
517 return ERR_OK;
518 #endif
519 }
520
UpdateStorageKeyContext(const int32_t userId)521 ErrCode InnerAccountIAMManager::UpdateStorageKeyContext(const int32_t userId)
522 {
523 int times = 0;
524 ErrCode errCode = ERR_OK;
525 while (times < MAX_RETRY_TIMES) {
526 errCode = InnerUpdateStorageKeyContext(userId);
527 if ((errCode != Constants::E_IPC_ERROR) && (errCode != Constants::E_IPC_SA_DIED)) {
528 return errCode;
529 }
530 ACCOUNT_LOGE("errCode=%{public}d, userId=%{public}d, times=%{public}d", errCode, userId, times);
531 times++;
532 std::this_thread::sleep_for(std::chrono::milliseconds(DELAY_FOR_EXCEPTION));
533 }
534 return errCode;
535 }
536
InnerUpdateStorageKeyContext(const int32_t userId)537 ErrCode InnerAccountIAMManager::InnerUpdateStorageKeyContext(const int32_t userId)
538 {
539 ACCOUNT_LOGI("Enter, userId=%{public}d", userId);
540 #ifdef HAS_STORAGE_PART
541 auto storageMgrProxy = GetStorageManagerProxy();
542 if (storageMgrProxy == nullptr) {
543 ACCOUNT_LOGE("Fail to get storage proxy");
544 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
545 }
546 ErrCode code = storageMgrProxy->UpdateKeyContext(userId);
547 if (code != ERR_OK) {
548 ACCOUNT_LOGE("Fail to update key context, userId=%{public}d, code=%{public}d", userId, code);
549 return code;
550 }
551 #endif
552 return ERR_OK;
553 }
554
UpdateStorageUserAuth(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)555 ErrCode InnerAccountIAMManager::UpdateStorageUserAuth(int32_t userId, uint64_t secureUid,
556 const std::vector<uint8_t> &token, const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
557 {
558 int times = 0;
559 ErrCode errCode = ERR_OK;
560 while (times < MAX_RETRY_TIMES) {
561 errCode = InnerUpdateStorageUserAuth(userId, secureUid, token, oldSecret, newSecret);
562 if ((errCode != Constants::E_IPC_ERROR) && (errCode != Constants::E_IPC_SA_DIED)) {
563 return errCode;
564 }
565 ACCOUNT_LOGE("errCode=%{public}d, userId=%{public}d, times=%{public}d", errCode, userId, times);
566 times++;
567 std::this_thread::sleep_for(std::chrono::milliseconds(DELAY_FOR_EXCEPTION));
568 }
569 return errCode;
570 }
571
InnerUpdateStorageUserAuth(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)572 ErrCode InnerAccountIAMManager::InnerUpdateStorageUserAuth(int32_t userId, uint64_t secureUid,
573 const std::vector<uint8_t> &token, const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
574 {
575 ACCOUNT_LOGI("Enter, userId=%{public}d", userId);
576 #ifdef HAS_STORAGE_PART
577 auto storageMgrProxy = GetStorageManagerProxy();
578 if (storageMgrProxy == nullptr) {
579 ACCOUNT_LOGE("Fail to get storage proxy");
580 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
581 }
582
583 ErrCode code = storageMgrProxy->UpdateUserAuth(userId, secureUid, token, oldSecret, newSecret);
584 if ((code != ERR_OK) && (code != ERROR_STORAGE_KEY_NOT_EXIST)) {
585 ACCOUNT_LOGE("Fail to update user auth, userId=%{public}d, code=%{public}d", userId, code);
586 return code;
587 }
588 #endif
589 return ERR_OK;
590 }
591
GetLockScreenStatus(uint32_t userId,bool & lockScreenStatus)592 ErrCode InnerAccountIAMManager::GetLockScreenStatus(uint32_t userId, bool &lockScreenStatus)
593 {
594 int times = 0;
595 ErrCode errCode = ERR_OK;
596 while (times < MAX_RETRY_TIMES) {
597 errCode = InnerGetLockScreenStatus(userId, lockScreenStatus);
598 if ((errCode != Constants::E_IPC_ERROR) && (errCode != Constants::E_IPC_SA_DIED)) {
599 return errCode;
600 }
601 ACCOUNT_LOGE("errCode=%{public}d, userId=%{public}d, times=%{public}d", errCode, userId, times);
602 times++;
603 std::this_thread::sleep_for(std::chrono::milliseconds(DELAY_FOR_EXCEPTION));
604 }
605 return errCode;
606 }
607
InnerGetLockScreenStatus(uint32_t userId,bool & lockScreenStatus)608 ErrCode InnerAccountIAMManager::InnerGetLockScreenStatus(uint32_t userId, bool &lockScreenStatus)
609 {
610 #ifdef HAS_STORAGE_PART
611 auto storageMgrProxy = GetStorageManagerProxy();
612 if (storageMgrProxy == nullptr) {
613 ACCOUNT_LOGE("fail to get storage proxy");
614 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
615 }
616 ErrCode result = storageMgrProxy->GetLockScreenStatus(userId, lockScreenStatus);
617 if (result != ERR_OK) {
618 ACCOUNT_LOGE("failed to get lock screen status");
619 return result;
620 }
621 #endif
622 return ERR_OK;
623 }
624
UnlockUserScreen(int32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)625 ErrCode InnerAccountIAMManager::UnlockUserScreen(
626 int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
627 {
628 int times = 0;
629 ErrCode errCode = ERR_OK;
630 while (times < MAX_RETRY_TIMES) {
631 errCode = InnerUnlockUserScreen(userId, token, secret);
632 if ((errCode != Constants::E_IPC_ERROR) && (errCode != Constants::E_IPC_SA_DIED)) {
633 return errCode;
634 }
635 ACCOUNT_LOGE("errCode=%{public}d, userId=%{public}d, times=%{public}d", errCode, userId, times);
636 times++;
637 std::this_thread::sleep_for(std::chrono::milliseconds(DELAY_FOR_EXCEPTION));
638 }
639 return errCode;
640 }
641
InnerUnlockUserScreen(int32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)642 ErrCode InnerAccountIAMManager::InnerUnlockUserScreen(
643 int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
644 {
645 #ifdef HAS_STORAGE_PART
646 auto storageMgrProxy = GetStorageManagerProxy();
647 if (storageMgrProxy == nullptr) {
648 ACCOUNT_LOGE("fail to get storage proxy");
649 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
650 }
651 ErrCode result = storageMgrProxy->UnlockUserScreen(userId, token, secret);
652 if (result != ERR_OK) {
653 ACCOUNT_LOGE("fail to unlock screen");
654 return result;
655 }
656 #endif
657 return ERR_OK;
658 }
659
ActivateUserKey(int32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)660 ErrCode InnerAccountIAMManager::ActivateUserKey(
661 int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
662 {
663 int times = 0;
664 ErrCode errCode = ERR_OK;
665 while (times < MAX_RETRY_TIMES) {
666 errCode = InnerActivateUserKey(userId, token, secret);
667 if ((errCode != Constants::E_IPC_ERROR) && (errCode != Constants::E_IPC_SA_DIED)) {
668 return errCode;
669 }
670 ACCOUNT_LOGE("errCode=%{public}d, userId=%{public}d, times=%{public}d", errCode, userId, times);
671 times++;
672 std::this_thread::sleep_for(std::chrono::milliseconds(DELAY_FOR_EXCEPTION));
673 }
674 return errCode;
675 }
676
InnerActivateUserKey(int32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)677 ErrCode InnerAccountIAMManager::InnerActivateUserKey(
678 int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
679 {
680 #ifdef HAS_STORAGE_PART
681 auto storageMgrProxy = GetStorageManagerProxy();
682 if (storageMgrProxy == nullptr) {
683 ACCOUNT_LOGE("fail to get storage proxy");
684 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
685 }
686 ErrCode result = storageMgrProxy->ActiveUserKey(userId, token, secret);
687 ACCOUNT_LOGI("ActiveUserKey end, ret: %{public}d", result);
688 if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) {
689 return result;
690 }
691 result = storageMgrProxy->PrepareStartUser(userId);
692 ACCOUNT_LOGI("PrepareStartUser end, ret: %{public}d", result);
693 #endif
694 return ERR_OK;
695 }
696
697 #ifdef HAS_STORAGE_PART
GetStorageManagerProxy()698 sptr<StorageManager::IStorageManager> InnerAccountIAMManager::GetStorageManagerProxy()
699 {
700 auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
701 if (systemAbilityManager == nullptr) {
702 ACCOUNT_LOGE("failed to get system ability mgr");
703 return nullptr;
704 }
705 auto remote = systemAbilityManager->GetSystemAbility(STORAGE_MANAGER_MANAGER_ID);
706 if (remote == nullptr) {
707 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID service");
708 return nullptr;
709 }
710 auto storageMgrProxy = iface_cast<StorageManager::IStorageManager>(remote);
711 return storageMgrProxy;
712 }
713 #endif
714 } // namespace AccountSA
715 } // namespace OHOS
716